User menu

Search form

A Major Step Forward in Better Protecting Federal, State and Local Cyber Networks

August 13, 2013

5:31 pm

This week, DHS achieved an important milestone towards better protecting government networks from cyber attacks. The General Services Administration yesterday announced a contract award that will allow government agencies to partner with the Department of Homeland Security (DHS) to deploy Continuous Diagnostics and Mitigation (CDM) technology that will enhance the security and resilience of their networks – better safeguarding both the sensitive data on those networks and the critical functions they provide to all Americans.

Through the CDM program, DHS works with partners across the entire Federal executive branch civilian government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, compliance setting management and feed data about an agency’s cybersecurity flaws and present those risks in an automated and continuously-updated dashboard. CDM, which will also be available for state and local entities as well as the defense industrial base sector, provides our stakeholders with the tools they need protect their networks and enhance their ability to see and counteract day-to-day cyber threats.

Whether to receive important health or emergency information or to check on the provision of essential government services, millions of Americans visit government websites every day. While increased connectivity has transformed and improved access to government, it also has increased the importance and complexity of our shared risk. The growing number of cyber attacks on Federal government networks is growing more sophisticated, aggressive, and dynamic.

Government computer networks and systems contain information on national security, law enforcement, and other sensitive data, including information about federal employees and others. It is paramount that the government protects this information from theft and protects networks and systems from attacks while continually providing essential services to the public. As the department responsible for securing unclassified federal civilian government networks—the “dot-gov” domain—DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the nation’s data.

Under the CDM program, participating departments and agencies will be able to enhance their cybersecurity assessments by implementing automated network sensor capacity and prioritizing risk alerts. Results will feed into agency-level dashboards that produce customized reports that alert information technology managers to the most critical cyber risks, enabling them to readily identify which network security issues to address first, thus enhancing the overall security posture of agency networks. Summary information from participating agencies will feed into a central Federal-level dashboard, managed by DHS’ National Cybersecurity Communication and Integration Center, to inform and prioritize cyber risk assessments across the Federal enterprise and support common operational pictures that provide cybersecurity situational awareness to our stakeholders.

The CDM program will strengthen cybersecurity across the “dot-gov” domain, improve our cybersecurity posture, and enhance other critical cybersecurity capabilities to thwart advanced, persistent cyber threats in a dynamic threat environment.

DHS has partnered with the General Services Administration to award a multi-vendor, five-year blanket purchase agreement contract for the CDM program, that will provide real-time diagnostic and mitigation services to federal executive branch civilian agencies, state and local entities, and the defense industrial base sector. The BPA is an overarching contract with an estimated ceiling of $6 billion over its five year duration (one-year contract with four additional one-year options) and is open to all Federal civilian departments and agencies, the defense industrial base sector, as well as state, local, tribal, and territorial governments. This significant contract award is designed to support Federal civilian networks and the extensive number of cybersecurity requirements for any Federal custom and cloud application over the life of the contract, and will be funded through each participating department and agency, not solely by DHS.